We have turned on organization cloud trail on our AWS organization (Cloudtrail is now activated by default on all our organization accounts).
Ingesting all the additional cloudtrail logs significantly increased our Sumologic bill. Are there best practices around ingesting organization trails in Sumologic to reduce the cost. Maybe some filtering in AWS and ingesting only some events? I'm curious to learn what other people are doing out there.
Please sign in to leave a comment.